Startup says its solution verifies state of networks for security

Network and security administrators may dream of stable, secure and agile networks, but the truth is that over a period of time they become complex and clogged with policies.

A California startup called Veriflow said Tuesday it is ready to sell a solution that mathematically verifies network policies to minimize change-induced network outages and breaches.

CEO Jim Brear said in an interview the software — sold either on-premise or as a cloud service — borrows the concept of formal verification used by semiconductor chip makers and in the aerospace industry to prove or disprove the correctness of a system’s functional specifications.

Veriflow says its solution creates maps like this that accurately track packet flows

Traditional solutions include change management and automation tools. But, Brear said, “they’re very expensive, very manual, time consuming and they don’t solve the problem.”

“We mathematically verify network policies, whether they are actually realized or not, by predicting all possible data flow behaviour before it happens” and how devices will react to changes, added CTO and co-founder Brighton Godfrey.

“There’s no reason why networks can’t be just as trustworthy as other mission-critical devices and applications.”

He said Veriflow’s virtual appliance software discovers Layer 1-4 devices (routers, switches, load balancers, firewalls, virtual firewalls) in the data plane and captures read-only data from ACL/CAM tables that control what happens when a packet goes into the device. Algorithms then synthesize that data into a network-wide predictive model of all possible data flows.

If the network configuration is changed, either accidentally or by an attacker, Veriflow tells administrators whether the network still conforms to the established policies — upholding network segmentation, for example.
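To make the approach described above concrete, here is an added example, not Veriflow's code or algorithm: a simplified Python sketch that builds a model from constructed per-device forwarding tables and checks a segmentation policy before and after a rule change. The device names, prefixes and function names are assumptions made for illustration, and the model covers destination-prefix forwarding only.

```python
import ipaddress

# Constructed data plane: device -> {destination prefix: next hop | "deliver" | "drop"}
TABLES = {
    "edge":   {"10.0.0.0/8": "core", "0.0.0.0/0": "drop"},
    "core":   {"10.1.0.0/16": "dmz-sw", "10.2.0.0/16": "pci-fw"},
    "dmz-sw": {"10.1.0.0/16": "deliver"},
    "pci-fw": {"10.2.0.0/16": "drop"},      # enforces the segment boundary
    "pci-sw": {"10.2.0.0/16": "deliver"},
}

def lookup(table, addr):
    """Longest-prefix match; an address with no matching rule is dropped."""
    nets = [(ipaddress.ip_network(p), a) for p, a in table.items()]
    hits = [(n.prefixlen, a) for n, a in nets if addr in n]
    return max(hits, key=lambda h: h[0])[1] if hits else "drop"

def trace(tables, ingress, addr):
    """Follow one destination address hop by hop; return (outcome, path)."""
    path, dev = [], ingress
    while dev not in path:
        path.append(dev)
        action = lookup(tables.get(dev, {}), addr)
        if action in ("deliver", "drop"):
            return action, path
        dev = action
    return "loop", path + [dev]

def representatives(tables, scope):
    """One address per equivalence class: behaviour changes only at rule boundaries."""
    scope = ipaddress.ip_network(scope)
    lo, hi = int(scope.network_address), int(scope.broadcast_address)
    points = {lo}
    for table in tables.values():
        for net in map(ipaddress.ip_network, table):
            ends = (int(net.network_address), int(net.broadcast_address) + 1)
            points.update(p for p in ends if lo <= p <= hi)
    return [ipaddress.ip_address(p) for p in sorted(points)]

def check_isolation(tables, ingress, protected):
    """Every (address, path) from ingress that is delivered inside protected."""
    traced = [(str(a), trace(tables, ingress, a)) for a in representatives(tables, protected)]
    return [(a, path) for a, (outcome, path) in traced if outcome == "deliver"]

if __name__ == "__main__":
    changed = {d: dict(t) for d, t in TABLES.items()}
    changed["core"]["10.2.5.0/24"] = "pci-sw"   # constructed misconfiguration
    print(check_isolation(TABLES, "edge", "10.2.0.0/16"))   # policy holds
    print(check_isolation(changed, "edge", "10.2.0.0/16"))  # policy violated
```

Because every rule is a prefix, checking one address per boundary interval covers the whole protected range without enumerating all 65,536 addresses.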

The solution also includes a library of best practices against which current network and security policies can be compared.

However, Godfrey acknowledged that the solution doesn’t prevent an organization from implementing a poor policy. Nor, he added, does it do packet inspection.

In an interview, Daniel Conde, an analyst with the Enterprise Strategy Group, hesitated at calling Veriflow a security product. Instead he described it as “more of a general purpose way of verifying the state of a network.”

As networks get more complex it’s harder to configure devices securely by hand, he agreed. Veriflow “is a novel approach to use mathematical verification” to confirm packet flow, he said.

“I don’t think machine verification alone is a silver bullet,” he added. He also cautioned that he hasn’t seen Veriflow in action or interviewed a customer.

He also noted there are other products that include network policy verification in their feature sets, such as Cisco Systems’ ACI (Application Centric Infrastructure) and VMware’s NSX network virtualization platform.

Brear said his company now has customers in trials and is ready to sell the solution — either direct or through a yet-to-be-announced network of value-added resellers — but the product with a full feature set won’t be available until the second half of the year.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now